IOC Radar
IP · Medium · Signal 24/100

81.17.23.202

Location
Switzerland
Zurich, Zurich
ASN
AS51852
Clientid2054
First Seen
Jul 13, 2024 (701d ago)
Last Seen
Apr 5, 2026 (69d ago)
Reports
11 source reports
Confidence
24% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
24%
Signal Score
24 / 100
IDS Rule
No
Threat Context
MITRE ATT&CK TTPs

31 techniques

Network Information

Country: Switzerland (CH)
Region: Zurich, Zurich
ASN: AS51852
Organization: Clientid2054

Feed Intelligence Summary

11 source reports · 24% confidence score
Category tags
abuse, access, access control, active scan, active scanning, antispam, attack, bad reputation, bad web bot, blog spam, botnet, botnet activity, brute force, ch, command and control, communication protocol, connect, cowrie, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data store expose, ddos, decoy system, denial of service, dionaea, dionaea honeypot, distributed attacks, email, europe, exploitation activity, ftp brute force, groups, honeytrap honeypot, identity & access exploitation, indicator, injection activity, lamp, lamp exploitation attempts, log4j, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network scanning, network security, north america, phishing, phishing attack, phishing trap, potential malware distribution, process injection, protocol exploitation, reconnaissance, researched, resource hijacking, scanner, script, security policy, self-signed, sentrypeer botnet, sftp, sftp attack, sip, sip brute force, sip scanning, slug, smtp brute force, social engineering, spam, ssh, ssh attack, ssh monitoring, surface web, t1016, t1018, t1021, t1040, t1041, t1046, t1053, t1055, t1059, t1071.001, t1078, t1110, t1110.002, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1588, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tsec, united states, voip, voip attack, web application attack, web exploitation, web spam

Activity Timeline

1 total obs
Apr 5

Threat Activity Heatmap

Peak: 2026-04-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 24
Confidence: 24%
Reports: 11
First seen: Jul 13, 2024
Last seen: Apr 5, 2026
Geolocation: CH
Country: Switzerland
Location: Zurich, Zurich
ASN: AS51852
Org: Clientid2054
Coords: 47.3682, 8.5671

VirusTotal

Not checked

WHOIS

description
2025-02-03T13:00:04.292Z Honeypot : Dionaea : Source: 81.17.23.202 : Port: 1433 Connection: {'protocol': 'mssqld', 'transport': 'tcp', 'type': 'accept'}
raw
inetnum: 81.17.23.200 - 81.17.23.207
netname: CLIENTID2054
descr: CLIENTID2054
country: CH
admin-c: JP5315-RIPE
tech-c: JP5315-RIPE
status: ASSIGNED PA
mnt-by: KP73900-MNT
created: 2013-03-19T17:33:36Z
last-modified: 2013-03-19T17:33:36Z
source: RIPE

person: Milciades Garcia
address: Edificio Don Tin, Office 306
address: Ave Cuba, Calidonia
address: Panama City
address: Panama
phone: +5078339167
nic-hdl: JP5315-RIPE
mnt-by: KP73900-MNT
created: 2011-03-17T23:52:10Z
last-modified: 2018-05-30T19:09:03Z
source: RIPE # Filtered

route: 81.17.16.0/20
descr: Ripe Allocation
origin: AS51852
mnt-by: KP73900-MNT
created: 2012-04-25T13:15:26Z
last-modified: 2012-04-25T13:15:26Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://www.virustotal.com/graph/gf7ecdfb4433e4724951b2cf591f44e22dba6542b794e43d5b32b4ca5285d0a9c

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 11 threat reports